There is a vulnerability in the current version of osTicket that allows an attacker to upload an PHP script, and then access it causing it to execute. This attack is being actively exploited by attackers to take over servers. This script tries to detect infected servers.

1) Remove any PHP files from the /attachments/ directory. 2) Place an index.html file there to prevent directory listing of that directory. 3) Upgrade osTicket to the latest version.